In a typical client/server computer network, the user of a client computer requests the execution of an object. In particular, the user requests the execution of a method associated with the object. Frequently, the object is not stored locally on the client computer. Thus, a remote procedure call (RPC) must be made to a server computer on which the object resides. The RPC specifies the object and its associated method. The server computer identifies the method to be executed, executes that method, and passes the results and/or exceptions generated back to the client computer. A standard distributed mechanism for handling remote procedure calls is often referred to as an Object Request Broker (ORB). The mechanism is distributed in the sense that the software associated with an ORB is on both the client computer and the server computer.
For the purpose of this document, the term "invoke an object" is defined to mean invoking a method associated with the object.
The ORB enables a user to access objects residing in different address spaces. When a user is permitted access to the ORB, it can invoke any object residing within the distributed system. A user denied access to the ORB is restricted from accessing any object outside the user's address space. Thus, in order to permit remote object invocations, a user is given unrestricted access to all remote objects. Currently, there is no effective mechanism to restrict a user's access via the ORB to select objects residing outside the user's address space. Such unrestricted access can have potentially disastrous ramifications.